[Pkg-openssl-devel] openssl 1.0.0e vulnerability
Moritz Muehlenhoff
jmm at inutil.org
Fri Oct 7 07:49:06 UTC 2011
On Fri, Oct 07, 2011 at 09:17:51AM +0200, Thijs Kinkhorst wrote:
> On Thu, October 6, 2011 18:15, Julian Gilbey wrote:
> > On Thu, Oct 06, 2011 at 02:23:31PM +0200, Florian Weimer wrote:
> >> * Julian Gilbey:
> >>
> >> > In the file crypto/rsa/rsa_eay.c, at line 850, if the CRT-based
> >> > modular exponentiation has failed, a second attempt is tried using
> >> > bn_mod_exp (line 862 or 866). However, the results of this attempt
> >> > are NOT then verified. The paper then describes how this weakness can
> >> > be exploited.
> >>
> >> IIRC, this requires faulty hardware, on a very thin line where the
> >> system still mostly works, but the modular exponentiation fail
> >> nevertheless. This seems rather unlikely. In addition, such an
> >> attack wouldn't work against TLS servers because they do not perform
> >> RSA signing.
> >>
> >> I always thought that this paper was a great compliment to the OpenSSL
> >> authors---usually, you don't have to resort to faulty hardware to
> >> uncover security issues. 8-)
> >
> > :-)
> >
> > A careful reading of the paper shows that the hardware was perfectly
> > functional but forced to fail in a very specific way due to carefully
> > changing the input power voltage. The only reason that this attack
> > was capable of being successful was because the openssl code took care
> > to protect against the possibility of the CRT approach being
> > compromised but not the fallback method. It seems fairly
> > straightforward to fix this potential hole, especially as this exploit
> > is now available for all to read.
>
> If I read that this attack vector requires carefully changing the input
> voltage, I'm tempted to conclude that (a) it would be good if upstream
> addressed this and that fix would trickle down to Debian over time, and
> (b) it seems rare enough not to issue a DSA for it.
> Opinions?
Agreed.
Cheers,
Moritz
More information about the Pkg-openssl-devel
mailing list